spf-discuss

Re: Simple method to prevent cross-customer forgery on shared MTAs

2005-05-17 06:10:46
On Tue, 17 May 2005, Stuart D. Gathman wrote:

Suppose an SMTP service has domain 'service.com' and wants to
prevent cross-customer forgery.  A client logs in to SMTP AUTH as 'curly' and
gives a MAIL FROM of 'moe(_at_)example(_dot_)com'.  The service then looks
for a DNS A record at:

      moe._using_.paul._at_.service.com._smtpauth_.example.com

Ooops.  Typo.  That should be:

        moe._using_.curly._at_.service.com._smtpauth_.example.com
        
        *._using_.curly._at_.service.com._smtpauth_.example.com

        ; NOT LEGAL BIND SYNTAX - means match any name ending with '=moe'.
        *=moe._using_.curly._at_.service.com._smtpauth_.example.com

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
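
Added example, not part of the original post: a Python sketch of the lookup described above, building the query name from the SMTP AUTH login and the MAIL FROM and checking it against the names a sender domain has published. The function names, the in-memory `ZONE` set standing in for DNS, the simplified wildcard match and the refusal of logins or local parts that are not a single DNS label are all assumptions of this example.

```python
import re

# A single DNS label of 1-63 characters (underscore allowed, as in the post).
_LABEL = re.compile(r"^[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?$")

def smtpauth_qname(auth_user, service_domain, mail_from):
    """Build the name the service would query for an A record."""
    local, sep, sender_domain = mail_from.lower().rpartition("@")
    auth_user = auth_user.lower()
    if not sep or not local or not sender_domain:
        raise ValueError("MAIL FROM must be local@domain")
    for label in (local, auth_user):
        # Assumption: the post does not say how a login or local part that
        # is not a single DNS label would be encoded, so refuse it.
        if not _LABEL.match(label):
            raise ValueError("not a single DNS label: %r" % label)
    return "%s._using_.%s._at_.%s._smtpauth_.%s" % (
        local, auth_user, service_domain.lower().rstrip("."),
        sender_domain.rstrip("."))

def is_authorized(qname, published):
    """True if qname is published, or a wildcard replacing its first label is.

    Simplified stand-in for a DNS A query; a real resolver applies the full
    wildcard rules of the sender domain's zone.
    """
    names = {n.lower().rstrip(".") for n in published}
    if qname in names:
        return True
    _, _, rest = qname.partition(".")
    return "*." + rest in names

# Constructed sample: names example.com is assumed to have published.
ZONE = {
    "moe._using_.curly._at_.service.com._smtpauth_.example.com",
    "*._using_.larry._at_.service.com._smtpauth_.example.com",
}

def check(auth_user, mail_from, service_domain="service.com", zone=ZONE):
    """Accept MAIL FROM only if the sender domain authorized this login."""
    try:
        qname = smtpauth_qname(auth_user, service_domain, mail_from)
    except ValueError:
        return False  # fail closed on anything that cannot be encoded
    return is_authorized(qname, zone)
```

With the constructed zone, `check("curly", "moe@example.com")` is accepted, while the same MAIL FROM presented by a different login such as `paul` is refused.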